Professor Joshua Cohen introduced this week's session with an overview of the event that has been dubbed the Haystack Affair. At the time of the Iran election in June 2009, various projects emerged as attempts to improve the flow of information among activists. One of the projects that emerged at this time was Haystack, a circumvention tool that aimed to make it difficult for the government to trace what members of Iran's Green Movement were saying. Around August 2010, there was a flurry of discussion and critiques of Haystack on Stanford's Liberation Technology listserv. By mid-September, the Censorship Research Center, which designed and managed the program, announced that Haystack was being taken out of service, and that people were advised not to continue using it. As framed by Cohen, the goal of this session was twofold: to get a better sense of what actually happened, and to arrive at an understanding of what lessons can be drawn from the case, especially with regards to the responsibilities of the people who work on these projects, of journalists and of public officials.

Daniel Colascione, Formerly, Technology Director at Censorship Research Center,
began his portion of the talk, which he entitled "Lessons to be Learned from the Haystack Affair," with some contextual information. In June 2009, news sources and Twitter were flooded by content on the flawed Iranian election. The problem was that conventional proxies were being blocked just as soon as they could be brought on. The Censorship Research Center began creating the Haystack program to be a circumvention tool. Under administrative law, however, encryption software was not eligible for export to Iran, so Haystack was simply set up as a test program. Nevertheless, the press very quickly got wind of what the CRC was trying to do with Haystack, and media reports proliferated.

Haystack exhibited two innovations of particular significance. First, it was planned on U.S. stenography to hide content with innocuous streams (like within streams of information from cookierecipes.com, for example). Second, it had a secure distribution scheme. A person would receive a key that would unlock access to a very small portion of the Haystack network. That way, Haystack's administrators would know which person received which copy. The key features of Haystack include:

• Obfuscation
• Encryption
• Perfect forward secrecy
• Modular design
• Managed distribution with traitor tracing

Before moving on to discuss lessons learned, Colascione attempted to respond to critics' claims by setting the record straight on Haystack. First, he explained how critics had complained that there was no proof that the program was being used in Iran. Indeed, Haystack proper was never completed. News articles about Haystack, some of which stated that Haystack had served thousands of users, were wholly inaccurate. Instead, a test program was distributed to approximately two dozen people. Second, there were doubts about the functionality of the program, and complaints that there was no external security system. The program was indeed traceable, which means that the government can detect use of the program. In Haystack's defense, Colascione noted, all anti-censorship tools are traceable to some degree, and statements to the press greatly exaggerated the risks associated with this traceability. The best defense against "traceability" is "normalization," or making sure the user base is large; but all programs start small. Finally, one critic obtained a copy of the firewall proof of concept, a test program not intended for distribution, and tore that apart. It was in response to all of these critiques that the program was ultimately shut down.

Project developers

By Colascione's account, the problems and failings of the Haystack project were personal, not technical. This included the CRC's practice of not being transparent and open about information-sharing, a reality which led Colascione to distance himself from the project. Additionally, one member of the staff, Austin Heap, made exaggerated statements about the program's capabilities.

Evgeny Morozov, Visiting Scholar at Stanford University, who followed Haystack since the first articles appeared in 2009, noted that this member of CRC staff was also involved in cyber attacks against the Iranian government during the election period. Despite the good intentions behind these efforts, they had the consequence of slowing down the Internet for regular citizens as well as the government; this case therefore offers an example of how the good intentions of developers can sometimes be quite counterproductive.

Journalists and the media

The Haystack case offers several lessons for the press. First, the press ought to rely on more than one source within the organization, and fact-check carefully. There were about 878 news stories since March 2010, with a spike corresponding to when the CRC announced they were applying for a permit for the program; however, virtually all of these reports were dependent upon one source. According to seminar participants, there was a failure of skepticism in media reports, especially with respect to Austin Heap's often very ambitious claims. One attendee claimed that universities ought to do more to advocate for journalists who are qualified to report on these issues. To cover a technology like Haystack, one would need people on staff who know sanctions law, basic cryptology, and about Iranian society.

These realities aside, it was hard for journalists to fact check whether Haystack was indeed secure or being used by citizens in Iran, because secrecy was built into the program and participants couldn't share the code. As Morozov has noted in his various writings on the project, the government's review process of Haystack was similarly nontransparent. Additionally, the ambitious reports put out by CRC probably made the Iranian government very nervous, especially as the program's legitimacy was boosted by news that Haystack creators were meeting with Senator McCain and rumors that the CIA was involved. Thus, there might have been a temptation to go a little bit past the truth for this reason, which, combined with the reality that journalists want to take the sensationalist angle, resulted in a media frenzy. 

Government officials

The Haystack affair can also offer some lessons for government officials, who played a key role in creating an air of legitimacy around the project. Morozov emphasized that one key reason Haystack gained such an air of public legitimacy as a circumvention tool stemmed from U.S. government officials' actions. Indeed, Haystack had to go through a licensing process with the U.S. government in order to get legitimacy to continue operating despite the sanctions. To get a license, the CRC submitted a description of the program, not the code for the program itself. However, the U.S. government's licensing was not supposed to mean that Haystack was functioning properly. This fact was misrepresented because Haystack was the only project that got the green light from the U.S. government. Furthermore, Secretary of State Hilary Clinton was asked at one point whether the U.S. government was doing anything to help Iranians access the Internet. She replied that the government had fast tracked a circumvention program called Haystack. Meanwhile, the State Department denied fast-tracking the program to get around sanctions and Newsweek reported wrongly about the entire affair. By some seminar participants' accounts, the people who knew the facts were incorrect, or did not actively seek to get them corrected for political reasons. Additionally, some see the reality that that you cannot ship cryptology technology to closed regimes as a broader example of how shortsighted the sanctions regime is. 

One takeaway point from discussion is that Haystack and similar technologies can just as well be used by people with bad intentions as those with good intentions. In defense of such projects, however, it is worth remembering that those bad networks likely have access to malware and botnets and other technologies already; Haystack and other anonymity projects just make these technologies available to "good guys." In any case, it is important that project developers, journalists and government officials learn lessons from cases like the Haystack affair, so that they can better deal with new liberation technologies introduced in the future.